<?php

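// Login handler: checks the posted userid/password against tb_users and, on
// success, stores the user's identity and role in the session and redirects
// to the landing page for that role. Every failure path redirects to index.php.
ob_start();
session_start();

// Accept only plain string credentials. A missing field or an array value
// (e.g. password[]=x) is treated as empty instead of reaching md5() or the
// SQL string.
$uid = (isset($_POST['userid']) && is_string($_POST['userid'])) ? $_POST['userid'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

require_once('db.php');

if ($uid === '' || $password === '') {
    header("Location: index.php");
    exit;
}

// NOTE(review): ext/mysql is removed in PHP 7+. Moving db.php and this query to
// mysqli or PDO prepared statements would remove the dependence on manual
// escaping. Escaping is also only reliable when the connection charset was set
// with mysql_set_charset() - presumably done in db.php; confirm.
$uid = mysql_real_escape_string($uid, $link);
$query = "SELECT id, uid,role,name,password  
        FROM tb_users
        WHERE uid = '$uid';";

$result = mysql_query($query, $link);

// A failed query returns false; handle it explicitly rather than hiding it
// behind @ and letting the later calls run on a non-resource.
if ($result === false) {
    error_log('login: user lookup query failed');
    header("Location: index.php");
    exit;
}

if (mysql_num_rows($result) === 0)
{
    // header() only queues the redirect; without exit the script would keep
    // running into the password check with no user row.
    header("Location: index.php");
    exit;
}

$userData = mysql_fetch_array($result, MYSQL_ASSOC);

// NOTE(review): unsalted MD5 is not a password hash. It is kept here only
// because the values stored in tb_users.password are compared as MD5 digests.
// Migrate to password_hash()/password_verify() with a rehash on successful login.
$hash = md5($password);
$stored = isset($userData['password']) ? (string) $userData['password'] : '';

// Compare as strings. The loose != operator compares two numeric-looking
// strings (such as digests of the form "0e<digits>") as numbers, so different
// digests could be treated as equal. hash_equals() is also constant-time
// where it is available (PHP >= 5.6).
$passwordMatches = function_exists('hash_equals')
    ? hash_equals($stored, $hash)
    : ($stored === $hash);

// NOTE(review): there is no attempt throttling or lockout on this path.
if (!$passwordMatches)
{
    header("Location: index.php");
    exit;
}

// Issue a new session id at the privilege change and delete the old session
// data, so a pre-login session id cannot be reused.
session_regenerate_id(true);

$_SESSION['sess_id'] = $userData['id'];
$_SESSION['sess_uid'] = $userData['uid'];
$_SESSION['sess_role'] = $userData['role'];
$_SESSION['sess_name'] = $userData['name'];

session_write_close();

// Unknown roles fall back to index.php. The target pages still have to check
// sess_role themselves, because this redirect is not an access control.
$hdr = "Location: index.php";
if ($userData['role'] === 'admin') {
    $hdr = "Location: main_bo.php";
} elseif ($userData['role'] === 'cashier') {
    $hdr = "Location: main_pos.php";
}

header($hdr);

ob_end_flush();
exit;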


?>